The branch, master has been updated via 62d87f8 s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail via 4c57095 heimdal: added verbose logging of hemimdal crypto errors via 23b4126 autobuild: fixed the --tail option for new log locations via c03d02d s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET via 694f287 s4-spn: don't try and send an empty SPN list from fbee3586 selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 62d87f8f88306cf71686f55a6839bec337c96d1d Author: Andrew Tridgell <tri...@samba.org> Date: Thu Sep 30 20:56:20 2010 -0700 s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail this fails intermittently on sn-devel. Guenther suggested adding it to knownfail Autobuild-User: Andrew Tridgell <tri...@samba.org> Autobuild-Date: Fri Oct 1 04:37:36 UTC 2010 on sn-devel-104 commit 4c57095bb76aee5922502d1dff307c6dd869f007 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Sep 30 20:13:34 2010 -0700 heimdal: added verbose logging of hemimdal crypto errors commit 23b4126f10f3927a8d70517e04872aa4ebf1b502 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Sep 30 19:41:50 2010 -0700 autobuild: fixed the --tail option for new log locations commit c03d02d28e7d9e908fa0553006282184487d2c8c Author: Andrew Tridgell <tri...@samba.org> Date: Thu Sep 30 15:24:58 2010 -0700 s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET otherwise we don't get the secrets! Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 694f2876c9da51dc16a00d45de92edf8884dfbed Author: Andrew Tridgell <tri...@samba.org> Date: Thu Sep 30 15:02:50 2010 -0700 s4-spn: don't try and send an empty SPN list Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: script/autobuild.py | 2 +- source3/selftest/knownfail | 1 + source4/dsdb/repl/drepl_out_helpers.c | 3 +++ source4/heimdal/lib/krb5/crypto.c | 17 +++++++++++++++-- source4/scripting/bin/samba_spnupdate | 2 ++ 5 files changed, 22 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/script/autobuild.py b/script/autobuild.py index f1e29a7..6f14845 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -226,7 +226,7 @@ class buildlist: def start_tail(self): cwd = os.getcwd() cmd = "tail -f *.stdout *.stderr" - os.chdir(testbase) + os.chdir(gitroot) self.tail_proc = Popen(cmd, shell=True) os.chdir(cwd) diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail index da38f88..dff19ca 100644 --- a/source3/selftest/knownfail +++ b/source3/selftest/knownfail @@ -1,2 +1,3 @@ .*printer.*print_test_extended # fails on some hosts due to timing issues ? samba3.posix_s3.rap.printing # fails sometimes on sn-devel +samba3.posix_s3.rpc.spoolss.printer # also fails sometimes diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 2a32e5c..f83cdda 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -384,6 +384,9 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) DEBUG(0,(__location__ ": Failed to construct partial attribute set : %s\n", nt_errstr(status))); return; } + if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) { + replica_flags &= ~DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING; + } } r->in.bind_handle = &drsuapi->bind_handle; diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index ed87655..eda5e63 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -1847,6 +1847,10 @@ verify_checksum(krb5_context context, } if(ct->checksumsize != cksum->checksum.length) { krb5_clear_error_message (context); + krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, length was %u, expected %u", ""), + ct->name, (unsigned)cksum->checksum.length, (unsigned)ct->checksumsize); + return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; @@ -1874,8 +1878,14 @@ verify_checksum(krb5_context context, return ret; } else dkey = NULL; - if(ct->verify) - return (*ct->verify)(context, dkey, data, len, usage, cksum); + if(ct->verify) { + ret = (*ct->verify)(context, dkey, data, len, usage, cksum); + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, key type %s", ""), + ct->name, crypto->et->name); + } + } ret = krb5_data_alloc (&c.checksum, ct->checksumsize); if (ret) @@ -1890,6 +1900,9 @@ verify_checksum(krb5_context context, if(c.checksum.length != cksum->checksum.length || ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { krb5_clear_error_message (context); + krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, key type %s", ""), + ct->name, crypto->et->name); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { ret = 0; diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate index 6a69f48..502eeba 100755 --- a/source4/scripting/bin/samba_spnupdate +++ b/source4/scripting/bin/samba_spnupdate @@ -212,6 +212,8 @@ def call_rodc_update(d): ns.str = n spn_names.append(ns) req1.count = req1.count + 1 + if spn_names == []: + return req1.spn_names = spn_names (level, res) = drs.DsWriteAccountSpn(drs_handle, 1, req1) -- Samba Shared Repository